DETAILED ACTION

This Office Action is in response to Applicant's Arguments filed November 27, 2007.

Claims 1, 4-8, 11-15, and 19-20 are currently pending and herein considered.

Response to Arguments 

Applicant's arguments and amendments filed November 27, 2007 with respect to 
the rejection(s) of claim(s) 1, 4-8, 11-15, and 19-20 under 35 USC 102(e) as anticipated
by Coss have been fully considered but are not persuasive. 

In response to Applicant's remarks concerning Coss's alleged failure to disclose 
"selecting at least one of the presorted plurality of rules according to said one value 
retrieved from the received packet, wherein the selected rules is associated with said 
one value" the Examiner respectfully disagrees. The Examiner would like to draw 
Applicant's attention to column 2, lines 1-4 of the Coss reference wherein he provides 
for "[a] particular rule set that is applied for any packet can be determined based on 
information such as the incoming and outgoing network interfaces as well as the 
network source and destination addresses." It is clear to the Examiner that Coss not 
only provides for the application of a particular rule set to a particular packet, but that 
that application may be determined in response to particular values obtained from the 
packet, including but not limited to the packet's source and destination address. 
Applicant goes on to argue that Coss not only fails to disclose the selection of a 
particular rule set, but that he fails to disclose "analyzing information in the packet to
retrieve from the received packet one of said values." Once again, the Examiner
respectfully disagrees, referring back to the portion cited above wherein Coss clearly 
provides for the selection of a rule set based upon information from that packet, 
including but not limited to the source and destination address. Additionally, the 
Examiner would like to draw Applicant's attention to column 4 lines 27-30 wherein Coss 
provides for the imposition of "conditions which must be satisfied by data included in a 
packet for the specified action to be taken on that packet." Although the Examiner has
chosen to cite these particular portions of the reference in response to Applicant's 
argument, she would like to take this opportunity to remind Applicant that his claims 
have been rejected in view of the Coss reference in its entirety and that the particular 
citations included within this response and those previous are included for the benefit of 
the Applicant in following the Examiner's reasoning, but are not meant to limit the 
reference merely to those sections cited. In response to Applicant's suggestion that the 
Examiner's citations of column 9, lines 1-33 are inapplicable based upon Coss's use of
the phrase "as need arises" the Examiner respectfully disagrees. Coss's dynamic 
packet filtering includes the capacity to create on the spot, or "dynamic" filtering rules in 
response to information received. The Examiner would like to remind Applicant that 
most dynamic systems augment themselves "as need arises" similarly to the Coss 
reference, and that such a phrase may very well include the reception of a particular 
packet to which the Coss reference provides the necessary teachings to dynamically 
provide for the application of a particular rule set to the packet in response to 
information retrieved from that packet.

In response to Applicant's remarks concerning claim 4 and its dependence upon
claim 1, the Examiner directs Applicant's attention to those arguments given above with
regards to claim 1.

In response to Applicant's remarks concerning claim 5 and Coss's alleged failure 
to disclose "associating a user with each value such that each user is assigned a 
privilege and wherein the privilege determined whether to associate each rule with said 
value" the Examiner respectfully disagrees. In addition to those previously cited 
sections of the Coss reference, the Examiner would like to draw Applicant's attention to 
column 2 lines 5-17 wherein Coss discloses the use of stateful packet filtering to store 
the results of processing results for packets directed to a particular user, so that 
subsequent similar packets may be recognized based upon their value so that a cached 
result may be utilized in order to bypass the sequence of filters. This avoids the need to 
apply the rule set to each similar incoming packet. Such a bypass equates to
Applicant's use of privileges to determine which rule set is to be applied or bypassed as 
the case may be. It is based upon this privilege, or bypass, that a rule-value association 
may or may not be made. Coss goes on in his reference to disclose the use of 'masks' 
in order to privilege particular users and packets to bypass the rules ordinarily 
associated so that particular queries may be identified. 

In response to Applicant's remarks concerning claim 6 and Coss's alleged failure 
to disclose determining a user profile of associated rules based on the privileges 
assigned to a user, the Examiner respectfully disagrees. Applicant's arguments rely 
upon those given above with regards to claim 5. The Examiner would like to refer 
Applicant to her response given above with respect to claim 5 wherein she provides
particular regions within the Coss reference which serve to disclose his use of privileges 
for users so that particular rules may be applied based upon that user's privileges. 

In response to Applicant's remarks concerning claim 7 and Coss's alleged failure 
to disclose "further associating a user profile with a group profile" the Examiner 
respectfully disagrees. Drawing Applicant's attention to column 1 lines 63-67 wherein 
Coss provides for the ability to support multiple policies, multiple users, and a 
combination of the two by applying several distinct sets of access rules for a given 
packet. Coss's Figure 6 provides for the grouping of users based upon address ranges. 
Referring now to column 6, lines 56-58, Coss provides for the inclusion of source and 
destination addresses "to allow for multiple users to be supported by a single network 
interface." Additionally, within column 2 lines 37-41 Coss provides for the use of 
dynamic rules to define host groups, such that they can be modified to add or drop 
different hosts without altering other aspects of the rule sets. It is based upon these 
particular sections in view of the reference in its entirety that the Examiner maintains her 
belief that Coss not only provides for groups, but that he discloses associating a user 
profile with a group profile so that he can apply group rules to a number of different 
users at once. 

In response to Applicant's remarks concerning claims 8, 11, 15, and 19, the
Examiner refers Applicant to those remarks given with regards to claim 1. Furthermore,
in response to Applicant's arguments concerning Coss's alleged failure to disclose "a 
computer program product" as claimed in claim 15, the Examiner respectfully disagrees 
for two reasons. First, the recitation "a computer program product" has not been given
patentable weight because the recitation occurs in the preamble. A preamble is 
generally not accorded any patentable weight where it merely recites the purpose of a 
process or the intended use of a structure, and where the body of the claim does not 
depend on the preamble for completeness but, instead, the process steps or structural 
limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ 15 (CCPA 
1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 1951). 
Secondly, assuming arguendo that Applicant's "computer program product" was in fact 
claimed within the body of his claims, the Examiner directs Applicant's attention to 
column 3, lines 21-30 of the reference wherein Coss specifically provides for the 
implementation of his invention "as computer system software, using the 'C 
programming language for implementation on general purpose PC hardware." It is 
based upon this citation in view of the reference in its entirety that the Examiner 
maintains her view that Coss does in fact provide for Applicant's "computer program 
product." 

In response to Applicant's remarks concerning claims 12-14 and 20, the 
Examiner directs Applicant's attention to those arguments given above with regards to 
claim 5. 

In view of the arguments given above, the Examiner maintains her 35 USC 
102(e) rejection of claims 1, 4-8, 11-15, and 19-20 as anticipated by Coss et al., 
included below for Applicant's benefit.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 4-8, 11-15, and 19-20 remain rejected under 35 U.S.C. 102(e) as 
being anticipated by Coss et al., United States Patent 6,098,172, hereinafter 
referred to as Coss. 

As per claim 1, Coss discloses a method for presorting a plurality of rules for
filtering a packet in network, the method comprising the steps of: selecting a 
characteristic for sorting the plurality of rules, wherein said characteristic is at least one 
of a source address and a destination address (col.1 line 63 thru col. 2 line 4, col.4 lines 
17-33); associating each rule with at least one of a plurality of values for said 
characteristic (col.4 lines 17-33); presorting at a network security filter the plurality of 
rules according to each value for said characteristic ("firewall") (col.1 lines 6-8 and 59- 
67); receiving the packet at the network security filter ("firewall") (col.1 lines 6-8 and 59- 
67); analyzing information in the packet to retrieve from the received packet one of said 
values (col. 9 lines 1-33); selecting at least one of the presorted plurality of rules 
according to said one value retrieved from the received packet, wherein the selected 
rule is associated with said one value (col.9 lines 1-33); and applying said selected rule
to the received packet, such that the received packet is permitted to enter the network 
or alternatively is dropped in accordance with the selected rule (col.1 line 59 thru col. 2 
line 4, col.4 lines 40-50). 

As per claim 4, Coss discloses wherein said characteristic is a combination of 
said source address of the packet and said destination address of the packet (col. 2
lines 1-4, col.4 lines 17-33). 

As per claim 5, Coss discloses wherein a user is associated with each value 
such that said associating each rule with at least one value for said characteristic further 
comprise assigning at least one privilege to a user and determining whether to 
associate each rule with said value of said characteristic according to said at least one 
privilege (col.1 lines 63-67, col.2 lines 38-41, col. 8 lines 3-35).

As per claim 6, Coss discloses wherein said assigning at least one privilege to 
said user further comprises determining a user profile of associated rules according to 
said at least one privilege (col.1 lines 63-67, col.2 lines 38-41, col. 8 lines 3-35).

As per claim 7, Coss discloses associating a user profile with a group profile, 
such that a plurality of values for said characteristic is associated with said associated 
rules of said group profile (col.2 lines 38-42). 

As per claim 8, Coss discloses an apparatus for presorting a plurality of rules for 
filtering a packet in network, wherein a characteristic for sorting the plurality of rules is at 
least one of a source address and a destination address (col.1 line 63 thru col.2 line 4), 
said characteristic has a plurality of possible values, and each rule is associated with at 
least one value for said characteristic, the apparatus comprising: a software module for
performing the operations of: presorting at a network security filter("firewall") (col.1 lines 
6-8 and 59-67) the plurality of rules according to each value for said characteristic (col.1 
line 63 thru col. 2 line 4); analyzing information in the packet received at the network 
security filter ("firewall") to retrieve from the packet a value for said characteristic (col. 9 
lines 1-33); selecting at least one of the presorted plurality of rules according to said 
value retrieved from the packet wherein the selected rule is associated with said value 
(col.1 line 59 thru col. 2 line 4, col.4 lines 40-50); and applying said selected rule to the 
packet, such that the packet is permitted to enter the network or alternatively is dropped 
in accordance with selected rule (col.1 line 59 thru col. 2 line 4, col.4 lines 40-50).

As per claim 11, Coss discloses wherein said characteristic is a combination of 
said source address of the packet and said destination address of the packet (col. 2
lines 1-4, col.4 lines 17-33). 

As per claim 12, Coss discloses wherein a user is associated with each value of 
said characteristic such that the software module further performs the operations of 
assigning at least one privilege to a user and determining whether to associate each 
rule with said value according to said at least one privilege (col.1 lines 63-67, col. 2 lines 
38-41, col.8 lines 3-35). 

As per claim 13, Coss discloses wherein said assigning at least one privilege to 
said user further comprises determining a user profile of associated rules according to 
said at least one privilege (col.1 lines 63-67, col. 2 lines 38-41, col.8 lines 3-35).

As per claim 14, Coss discloses associating a user profile with a group profile,
such that a plurality of values for said characteristic is associated with said associated 
rules of said group profile (col. 2 lines 38-42). 

As per claim 15, Coss discloses a computer program product comprising a 
computer usable medium having computer readable code embodied therein for 
presorting a plurality of rules for filtering a packet received at a network security filter, 
the computer program product comprising computer readable program code for 
performing the operations of: selecting a characteristic for sorting the plurality of rules, 
said characteristic has a plurality of possible values, wherein said characteristic is at 
least one of a source address and a destination address (col.1 line 63 thru col. 2 line 4); 
associating each rule with at least one value for said characteristic (col.4 lines 17-33), 
presorting at a network security filter ("firewall") (col.1 lines 6-8 and 59-67) the plurality 
of rules according to each value for said characteristic; analyzing information in the 
packet received at a network security filter to retrieve said value from the packet and 
selecting at least one of the presorted plurality of rules according to said value retrieved 
from the packet wherein the selected rule is associated with said value (col. 9 lines 1- 
33); and applying said selected rule to the received packet, such that the received 
packet is permitted to enter the network or alternatively is dropped in accordance with 
said selected rule (col.1 line 59 thru col.2 line 4, col.4 lines 40-50). 

As per claim 19, Coss discloses wherein said characteristic is a combination of 
the source address of the packet and the destination address of the packet (col.1 line 
63 thru col.2 line 4, col.4 lines 17-33).

As per claim 20, Coss discloses wherein a user is associated with each value of
said characteristic such that said computer readable program code further comprises 
the operations of assigning at least one privilege to a user and determining whether to 
associate each rule with said value of said characteristic according to said at least one 
privilege (col.1 lines 63-67, col.2 lines 38-41, col.8 lines 3-35). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 
272-4241. The examiner can normally be reached on Mon-Fri 8-4:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571-
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Tamara Teslovich/ 
Examiner, Art Unit 2137 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



